
Friday, January 30, 2009

Security Management Weekly - January 30, 2009

CORPORATE SECURITY
  1. "PPL Plant First in Worker Beefs" Pennsylvania
  2. "Panel Rejects 'Make My Day' Law for Businesses" Colorado
  3. "Backgrounder: Combating Maritime Piracy"
  4. "Lab Says Opiate Use Up in Hawaii Workplace"
  5. "Supreme Court Reverses Drug Conviction" South Dakota

HOMELAND SECURITY
  6. "TSA Lends Eyes for Sunday's Big Game" Tampa, Fla.
  7. "Guantanamo Judge Defies Obama"
  8. "Government Seeks Padilla Suit Dismissal" Charleston, S.C.
  9. "Iraq to Deny New License to Blackwater Security Firm"
  10. "Iceland's Government Collapses"

CYBER SECURITY
  11. "With Economic Slump, Concerns Rise Over Data Theft"
  12. "Web Malware Infects Fast, Dies Young"
  13. "ICANN Ponders Ways to Stop Scammy Web Sites"
  14. "Mac Malware Will Become Endemic Amongst High-Risk Groups"
  15. "Worm Infects Millions of Computers Worldwide"

"PPL Plant First in Worker Beefs"
Allentown Morning Call (PA) (01/29/09) ; Kraus, Scott

The Nuclear Regulatory Commission hit PPL Corp. on Wednesday for failing to make sure all employees at its Susquehanna Nuclear Plant feel comfortable raising concerns about plant safety or operations. The federal agency issued the utility a 'chilling effect' letter, giving the company 30 days to outline how it will guarantee workers feel free to speak out about problems in the future without fear of retaliation. 'It is really meant to send a message to the plant that it needs to take some action now before conditions worsen,' explained NRC spokesman Neil Sheehan. The NRC received 33 complaints from plant employees in 2008, the most from any nuclear plant in the country, agency records show. The NRC started probing work conditions at the plant in December 2006 after employees complained to the agency about the refuel floor. PPL spokesman Joe Scopelitti said, "We are going to be working to come up with a detailed plan." Sheehan said that plans by a PPL subsidiary to construct a reactor adjacent to the Susquehanna site will likely not be affected. Should PPL fail to see improvements, the plant could face heightened supervision, monetary penalties, or even shuttering.

"Panel Rejects 'Make My Day' Law for Businesses"
Associated Press (01/28/09) ; Slevin, Colleen

The Colorado Senate's State, Veterans & Military Affairs Committee has once again rejected a measure that would have allowed business owners, managers, and employees to use deadly force against someone who illegally enters their workplace. Under the legislation, known as the "Make My Day" law, the business owner or employee would have to believe that the intruder intended to commit a crime or use physical force against them before they could shoot. This is the third straight year in which the legislation was defeated. The defeat of the legislation marked a victory for the state's police chiefs, who said the bill could have resulted in shootings during business hours when customers are present. Other critics warned that the law could have been used by an abuser to invite their partner to their workplace so they could legally kill them there. However, supporters of the measure pointed out that the original "Make My Day" law, which applied to homeowners, did not result in a spike in shootings.

"Backgrounder: Combating Maritime Piracy"
New York Times (01/27/09) ; Hanson, Stephanie

Pirates operating off the coast of Somalia drew international attention to the growing maritime piracy problem after hijacking an oil supertanker and a ship transporting Russian tanks. Although experts are optimistic that naval cooperation between a number of countries will be successful in the waters off Somalia, piracy is predicted to rise across the globe. Pirate attacks generally occur in four areas: Africa's gulfs of Aden and Guinea, the Malacca Strait between Indonesia and Malaysia, and the waters between India and Sri Lanka. Global piracy increased 11 percent in 2008 compared to the previous year, with piracy in East Africa rising by 200 percent. Piracy is estimated to cost the shipping industry anywhere between $1 billion and $16 billion a year. Although many experts do not classify piracy as terrorism, it is believed that pirates provide funding to Islamic terrorist organizations, making it even more important to stop them. Over a dozen countries, including Russia and the United States, have deployed combat ships to the Gulf of Aden to crack down on piracy. However, there are a number of legal questions about what to do with pirates captured in one country's waters by another country's navy, including where the pirates should be prosecuted. The U.S. is currently working on a number of bilateral agreements that would define where pirates are prosecuted.

"Lab Says Opiate Use Up in Hawaii Workplace"
Pacific Business News (01/26/09)

Statistics released by Diagnostic Laboratory Services, which performs pre-employment and random drug testing for roughly 800 businesses in Hawaii, show that efforts to stamp out drug use in the state's workplaces are producing mixed results. The company found that while opiate or prescription drug use decreased slightly among Hawaii workers from the third quarter of 2008 to the fourth quarter, use of the drugs was up 40 percent between 2007 and 2008. Fifty of the 10,000 employees or potential employees Diagnostic Laboratory Services tested between October and December of last year tested positive for opiates or prescription drugs. Meanwhile, marijuana use among Hawaii workers was up 28 percent between 2007 and 2008, though it also declined slightly between the third and fourth quarters of last year. Bucking the trend was cocaine use, which declined 50 percent between the third and fourth quarters of last year and fell 33 percent between 2007 and 2008. Carl Linden, the scientific director of toxicology at Diagnostic Laboratory Services, said the statistics for all drug classes are in line with national trends.

"Supreme Court Reverses Drug Conviction"
Native American Times (01/26/09) ; Woster, Terry

The South Dakota Supreme Court has unanimously ruled that the legal restrictions on unreasonable searches that are contained in the U.S. Constitution and the Indian Civil Rights Act apply to two security guards at a tribal casino who found marijuana in a man's hotel room. The decision reversed a ruling by the Moody County Circuit Court that stated that the security guards were acting as private citizens when they forced themselves into a hotel room at the casino they worked at after they smelled marijuana. After entering the room, the guards found what they believed to be the drug and called local law enforcement officers. The officers did not obtain a search warrant until after they searched the guest who was staying in the hotel room, Harry L. Madsen, who was eventually convicted on drug-related charges. However, the circuit court ruled that the drugs could still be used as evidence against Madsen. The South Dakota Supreme Court disagreed, saying that the two guards had to stay within the legal restrictions on unreasonable searches because they were hired to provide safety and security to the tribal casino. The case now goes back to the Moody County Circuit Court, which must use constitutional guidelines to decide whether or not the security guards' search of Madsen's room was reasonable.

"TSA Lends Eyes for Sunday's Big Game"
USA Today (01/30/09) ; Frank, Thomas

Police in Tampa, Fla., have asked the Transportation Security Administration (TSA) to send dozens of its officers to the city on Sunday to help with security at Super Bowl XLIII. The officers are trained to use a technique known as behavior observation, in which they look for people displaying signs of nervousness such as sweating, avoiding eye contact, or talking evasively. At Tampa's Raymond James Stadium on Sunday, TSA officers will use this technique--which is normally used only in airports--to identify people who could potentially pose a threat to the security of the game. Tampa police will then conduct informal interviews with those who are deemed to be a potential threat and decide whether the individual should be formally questioned or arrested. The American Civil Liberties Union is criticizing the use of the technique, which it says is unproven. The organization also said that the use of behavior observation at a stadium will set a dangerous precedent for police inquiries.

"Guantanamo Judge Defies Obama"
Los Angeles Times (01/30/09) ; Williams, Carol J.

President Barack Obama requested that the prosecution of all terrorism suspects at the Guantanamo Bay war crimes court be halted, but the commission's chief judge ruled that delaying the case of Saudi terrorism suspect Abd al Rahim al Nashiri would be unreasonable. Prosecutors and defense lawyers had already agreed to a four-month suspension of the case in order to give President Obama a chance to review the military commissions process created during the Bush administration. However, Army Col. James L. Pohl is legally allowed to ignore Obama's request because it was not an order and the military judges are the only ones capable of granting a delay once charges have been referred to trial. Some experts believe that Pohl decided to move on with the case because Nashiri, accused of involvement with the Cole attack, was waterboarded and some evidence would not be admissible in U.S. federal court. The case could be delayed if Susan J. Crawford, the tribunal's top official, decided to drop the capital charges against Nashiri.

"Government Seeks Padilla Suit Dismissal"
Charleston Post and Courier (01/30/09) ; Bartelme, Tony

Attorneys for Jose Padilla, who was convicted in a Miami federal court of conspiring to launch a terror attack, have asked a federal judge in Charleston, S.C., to allow their client's 2007 civil lawsuit against the federal government to proceed and to declare his incarceration and treatment at the Naval Consolidated Brig Charleston unconstitutional. In the lawsuit, Padilla alleged that the years-long solitary confinement he endured at the brig was a form of torture. In addition, Padilla's attorneys say that the government broke the law when it declared him an enemy combatant. Padilla's attorneys said they wanted the judge, U.S. Magistrate Robert S. Carr, to permanently forbid the government from putting him in military custody. For its part, the government asked Judge Carr to dismiss Padilla's lawsuit since there are no plans to return Padilla to military custody.

"Iraq to Deny New License to Blackwater Security Firm"
Washington Post (01/29/09) P. A12 ; Londono, Ernesto; Mizher, Qais

Iraq's government has told the U.S. Embassy in Baghdad that it will not provide a new operating license to Blackwater Worldwide, the embassy's main security firm, Iraqi and U.S. officials stated on Jan. 28. Iraqi officials said the decision not to renew Blackwater's license was largely made because of its alleged role in a September 16, 2007, shooting in Baghdad that killed 17 Iraqi civilians. Blackwater has also been criticized by Iraqis for using excessive force in other incidents. The decision not to renew Blackwater's license will allow Blackwater workers who have not been charged with improper conduct to continue working as private-security contractors in Iraq if they change companies, Iraqi officials noted. In addition, Blackwater will be required to leave Iraq as soon as a joint Iraqi-U.S. committee completes guidelines for private contractors under the security deal between the two countries that went into effect on Jan. 1.

"Iceland's Government Collapses"
New York Times (01/27/09) ; Dempsey, Judy

Iceland's government collapsed on Jan. 26, days after its prime minister called for early elections amid popular anger over a financial crisis that has gutted the economy. Prime Minister Geir Haarde and his cabinet will resign immediately. The move came after his Independence Party failed to come to terms with the Social Democrats, its main partner in Iceland's coalition government. The government's collapse is the latest fallout from a global financial crisis that has set off angry demonstrations against governments across Europe. Icelanders, angry about soaring unemployment and rising prices, have been protesting for weeks in the capital, Reykjavik. The demonstrations in Iceland have been mirrored elsewhere in Europe. The Latvian government, which this month pushed through wage and spending cuts but also tax increases in order to cope with the banking crisis, faced demonstrations that turned into violent riots. Neighboring Lithuania also had to contend with protesters after the government introduced a package of austerity measures to protect the financial sector. Tens of thousands turned out in the Spanish city of Zaragoza in mid-January to press the local authorities to deal with soaring unemployment as the country's construction and retailing industries are hit by the global downturn. In Greece, the government is still coming to terms with widespread student protests. In all cases, the demonstrations have had a mix of sentiments: anti-globalization, anti-capitalist and anti-reform. So far, Europe's largest economies, France, Germany and Britain, have been spared demonstrations. All three governments have introduced huge stimulus measures aimed at spurring employment and protecting banks.

"With Economic Slump, Concerns Rise Over Data Theft"
IDG News Service (01/29/09) ; McMillan, Robert

Laid-off employees are the biggest IT security threat created by the economic recession, according to a new McAfee study, which warned that cybercrime could cost businesses worldwide more than $1 trillion. The study surveyed 1,000 IT decision makers from 800 companies in eight countries. The study says that laid-off employees may steal intellectual property from their former employer in order to sell the information, improve their chances of getting hired with a competitor, or start a company of their own. In addition, acquisitions can leave IT workers unsure of how to report security problems or who to report them to. Existing controls also may not be monitored during an acquisition. Finally, workers who are unsure about their job security and the job security of their colleagues may be more hesitant to report security problems. Ignoring these problems can be costly. McAfee CEO Dave DeWalt says companies lose an average of $4.6 million in intellectual property during a security breach and have to spend about $600,000 to correct the problem. "We don't have the good risk models and as a result people are taking risks," says Purdue University computer science professor and study contributor Eugene Spafford. He says the frequency of security breaches will increase as a result of the recession as companies try to cope by cutting their information security expenses.

"Web Malware Infects Fast, Dies Young"
InformationWeek (01/28/09) ; Claburn, Thomas

Security researchers at AVG Technologies say the number of newly infected Web sites is so high that attackers are taking malware-loaded sites down after only a few days, before anyone else has the opportunity to track the attacks. The experts report double-digit growth in the number of new malware-ridden sites, up 66 percent, from between 100,000 and 200,000 per day to between 200,000 and 300,000 per day. On Jan. 26 Google reported a similar increase, noting that spam volumes rose 25 percent between 2007 and 2008. The proliferation of infected sites means cyber-attackers do not have to keep the sites active for very long, according to AVG chief research officer Roger Thompson. Nearly three in five infected Web sites are taken down after being up for only a day, he says.

"ICANN Ponders Ways to Stop Scammy Web Sites"
IDG News Service (01/27/09) ; Kirk, Jeremy

ICANN recently issued an initial report on fast flux, a technique that is being exploited by hackers and other cybercriminals. Fast flux allows a Web site's domain name to resolve to multiple Internet Protocol (IP) addresses. Content distribution networks use the technique legitimately in order to balance loads, lower data transmission costs, and improve performance. However, cybercriminals are using the technique to make it more difficult for Internet service providers to shut down illegal Web sites. Fast flux helps cybercriminals avoid detection and frustrate efforts to close their Web sites. Internet security experts are trying to develop a way to stop the criminal use of fast flux without restricting the technique's legitimate uses. Potential solutions include quicker identification of abusive domain names or limiting the ability of registrants to repeatedly change name servers.

"Mac Malware Will Become Endemic Amongst High-Risk Groups"
ZDNet (01/26/09) ; O'Donnell, Adam

The appearance of two trojan outbreaks on Mac machines in mid-January has IT security experts wondering if a "Mac malware epidemic" is imminent, writes engineer Adam O'Donnell. Even if attackers have not succeeded in bringing down Mac's notoriously impenetrable platform, experts believe that Mac malware is now proliferating through file-sharing applications. Fortunately, the average user is probably not exposed to the risks, as the recently exposed trojans are not circulating outside of the high-risk population, according to O'Donnell. Anyone with a computer infected by the new batch of Mac malware will stay infected regardless of human interaction due to the absence of any tools for the identification and extraction of malware. The real question security experts are asking is whether compromising Macs is a lucrative enough endeavor for malware authors to continue to exploit the platform. If not, the scare will be forgotten in time; otherwise, Mac users are advised to update and download new patches for their Time Machine software.

"Worm Infects Millions of Computers Worldwide"
New York Times (01/23/09) ; Markoff, John

A computer worm is infecting millions of computers in what could be the first part of a multi-stage attack. The worm, known as Conficker or Downadup, has spread by exploiting a recently discovered Microsoft Windows vulnerability that involves guessing network passwords and using portable devices such as USBs to spread. Experts say the worm has led to the worst infection since the Slammer worm in January 2003, and it may have infected as many as 9 million PCs worldwide. Many computer users may not notice that their machines have been infected, and computer security researchers say they were waiting for infected computers to receive instructions so they can determine the intended purpose of the botnet. Infected computers may run programs in the background to send spam, infect other computers, or steal personal information. Microsoft released an emergency patch to eliminate the vulnerability in October, but the worm has continued to spread. Security researchers at the Qualys security firm estimate that about 30 percent of Windows-based computers attached to the Internet remain vulnerable because they have not been updated with the patch. "I don't know why people aren't more afraid of these programs," says Georgia Institute of Technology professor Merrick L. Furst. "This is like having a mole in your organization that can do things like send out any information it finds on machines it infects."

Abstracts Copyright © 2009 Information, Inc. Bethesda, MD



2 comments:

Bluegrass Pundit said...


The French turn over captured pirates to Somali government. Goodbye hands? (video)

The Somalian punishment for piracy, under sharia, is the removal of heads, arms, or other appendages. I guess these pirates' careers are coming to an end. I have no sympathy for them.

Ted said...

The Joint Chiefs of Staff HAVE AN ABSOLUTE CONSTITUTIONAL DUTY to stand behind Guantanamo Military Judge James Pohl UNTIL OBAMA OVERCOMES “RES IPSA LOQUITUR” BY SUPPLYING HIS LONG FORM BIRTH CERTIFICATE AND PROVING HIS ELIGIBILITY TO BE PRESIDENT UNDER ARTICLE 2 OF THE US CONSTITUTION.